Video Screencast Help

PGP CommandLine Export

Created: 18 Apr 2011 | 1 comment

I am trialing PGP Commandline 10.1, and i have a question about key export.

I ran an excryption/decryption test and all went well.

Next , I created a key and exported it to the user using the

pgp --export < userid  userid >  and sent the .asc file to the enduser via email.

The end user then complained that this file had both the public and private

key, and hence was a security problem. This user is using pgp desktop 10.1.

I followed trhe PGP Commandline 10.1 manual p 50-52,

and wonder  1) is this really a concern, and 2 ) if so , how do i only

export my private key.

Thank you,



Comments 1 CommentJump to latest comment

dfinkelstein's picture

Running "--export" will only export your public key.

To export your private key, you need to run "--export-key-pair".

You want to only export your public key and send that to your partners.  You should never need to send anyone your private key, and in general you don't export your private key (except for backup purposes, though you can always backup the actual keyring files).

It is a security issue to send someone your private key material, but I wonder how (or even if) that happened.

After you run "pgp --export KeyID" you can look at the .asc file.  It should have "-----BEGIN PGP PUBLIC KEY BLOCK-----" at the top and "-----END PGP PUBLIC KEY BLOCK-----" at the bottom.  When you run "--export-key-pair", the .asc file will also contain a private key block ("-----BEGIN PGP PRIVATE KEY BLOCK-----", "-----END PGP PRIVATE KEY BLOCK-----") above the public key block.


David Finkelstein

Symantec R&D